Active Directory Archive

An Active Directory Schema is a description of all directory objects and attributes of the Windows domain. The AD schema reflects the basic structure of the catalog and is critical for its proper functioning. Typically, the AD schema is extended/upgraded for several reasons, the most common of which in

In this article, we’ll take a look on why it’s not possible to join a new computer to the Active Directory domain with an error Active Directory Domain Controller could not be contacted. What does Active Directory Domain Controller Could Not be Contacted Error Looks Like? A user or

Sometimes there are situations when AD account keeps locking out, this happen when you try to log on to a domain computer and getting an error on the login screen: The referenced account is currently locked out and may not be logged on to. This notification means that the

When log on to a computer with a domain account the user enters credentials, which are passed to the nearest domain controller for authentication. If there are no available domain controllers in the network, then there is no one can verify the credentials and the user cannot logon to

Often some access rights in Active Directory must be granted temporarily, for a certain period of time. In order to avoid the need to monitor the validity of the issued authorities, they can be created initially temporary. To create temporary permissions in AD there are special mechanisms — Temporary Group

In this article we will show you how to promote a new domain controller with Windows Server 2016 in the Active Directory domain, move FSMO roles from an old domain controller (running Windows Server 2012 R2/2008), raise the domain functional level to Windows Server 2016 and then demote the

In addition to the 5 FSMO roles in Active Directory, there is the sixth (unofficial) domain controller role — Global catalog (GC). Unlike FSMO roles, any controller in a domain can have a Global Catalog role, i.e. it doesn’t require the uniqueness of a server within an Active directory

The Primary Domain Controller (PDC) Emulator FSMO role is one of the three domain-wide operations master roles, i.e. in each domain there should be only one domain controller which is the owner of this role. Initially, the main task of PDC Emulator was to ensure compatibility with earlier versions

The RID master (Relative Identifier) is one of three FSMO domain-level roles, i.e. each domain must have one domain controller which owns this role. A domain controller with the RID Master role is responsible for allocating a unique RID sequence to each domain controller in its domain, as well

Domain Naming Master — another forest-wide FSMO role (as well as Schema Master role), i.e. in the entire Active Directory forest can be only one domain controller with operation master role Domain Naming Master. The owner of this role is responsible for operations related with Active Directory domain names: